|
248061
|
8.1 |
HIGH
Network
|
hdfgroup
|
hdf5
|
A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-11205
|
2024-11-21 12:42 |
2018-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248062
|
6.5 |
MEDIUM
Network
|
hdfgroup
|
hdf5
|
A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-11204
|
2024-11-21 12:42 |
2018-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248063
|
6.5 |
MEDIUM
Network
|
hdfgroup
|
hdf5
|
A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
|
CWE-369
Divide By Zero
|
CVE-2018-11203
|
2024-11-21 12:42 |
2018-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248064
|
6.5 |
MEDIUM
Network
|
hdfgroup
|
hdf5
|
A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-11202
|
2024-11-21 12:42 |
2018-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248065
|
6.1 |
MEDIUM
Network
|
livezilla
|
livezilla
|
chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affected by Cross-Site Scripting via the Accept-Language HTTP header.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10810
|
2024-11-21 12:42 |
2018-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248066
|
9.8 |
CRITICAL
Network
|
intelbras
|
ncloud_300_firmware
|
An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For examp…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-11094
|
2024-11-21 12:42 |
2018-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248067
|
6.5 |
MEDIUM
Network
|
e107
|
e107
|
e107 2.1.7 has CSRF resulting in arbitrary user deletion.
|
CWE-352
Origin Validation Error
|
CVE-2018-11127
|
2024-11-21 12:42 |
2018-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248068
|
8.8 |
HIGH
Network
|
doorgets
|
doorgets
|
dg-user/?controller=users&action=add in doorGets 7.0 has CSRF that results in adding an administrator account.
|
CWE-352
Origin Validation Error
|
CVE-2018-11126
|
2024-11-21 12:42 |
2018-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248069
|
6.1 |
MEDIUM
Network
|
3cx
|
live_chat
|
There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" (aka wplc_name) and "email" (aka wplc_email) input fields to wp-json/wp_live_chat_su…
|
CWE-79
Cross-site Scripting
|
CVE-2018-11105
|
2024-11-21 12:42 |
2018-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248070
|
5.3 |
MEDIUM
Adjacent
|
mimobaby
|
mimo_baby_2_firmware
|
Mimo Baby 2 devices do not use authentication or encryption for the Bluetooth Low Energy (BLE) communication from a Turtle to a Lilypad, which allows attackers to inject fake information about the po…
|
CWE-287
CWE-311
Improper Authentication
Missing Encryption of Sensitive Data
|
CVE-2018-10825
|
2024-11-21 12:42 |
2018-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
